e49d0966b5
- (djm) AIX login{success,failed} changes. Move loginsuccess call to
...
do_authenticated. Call loginfailed for protocol 2 failures > MAX like
we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
K.Wolkersdorfer@fz-juelich.de and others
2001-11-13 23:46:18 +11:00
6fd5b391f0
- markus@cvs.openbsd.org 2001/11/07 22:41:51
...
[auth2.c auth-rh-rsa.c]
unused includes
2001-11-12 11:04:28 +11:00
bdfb4df08c
- markus@cvs.openbsd.org 2001/09/27 15:31:17
...
[auth2.c auth2-chall.c sshconnect1.c]
typos; from solar
2001-10-03 17:12:43 +00:00
1bc3bdb1c2
- markus@cvs.openbsd.org 2001/09/20 13:46:48
...
[auth2.c]
key_read returns now -1 or 1
2001-09-20 23:11:26 +00:00
940fb86c9a
- stevesk@cvs.openbsd.org 2001/07/23 18:14:58
...
[auth2.c auth-rsa.c]
use %lu; ok markus@
2001-08-06 21:01:49 +00:00
90279d80f5
- markus@cvs.openbsd.org 2001/06/26 05:50:11
...
[auth2.c]
new interface for secure_filename()
2001-07-04 03:56:56 +00:00
7907382299
- stevesk@cvs.openbsd.org 2001/06/25 20:26:37
...
[auth2.c sshconnect2.c]
prototype cleanup; ok markus@
2001-07-04 03:42:30 +00:00
bba81213b9
- itojun@cvs.openbsd.org 2001/06/23 15:12:20
...
[auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
readpass.c scp.c servconf.c serverloop.c session.c sftp.c
sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
ssh-keygen.c ssh-keyscan.c]
more strict prototypes. raise warning level in Makefile.inc.
markus ok'ed
TODO; cleanup headers
2001-06-25 05:01:22 +00:00
a4789ef878
- markus@cvs.openbsd.org 2001/06/23 03:04:42
...
[auth2.c auth-rh-rsa.c]
restore correct ignore_user_known_hosts logic.
2001-06-25 04:40:49 +00:00
83647ce474
- markus@cvs.openbsd.org 2001/06/23 00:20:57
...
[auth2.c auth.c auth.h auth-rh-rsa.c]
*known_hosts2 is obsolete for hostbased authentication and
only used for backward compat. merge ssh1/2 hostkey check
and move it to auth.c
2001-06-25 04:30:16 +00:00
f96704d4ef
- markus@cvs.openbsd.org 2001/06/22 21:55:49
...
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
ssh-keygen.1]
merge authorized_keys2 into authorized_keys.
authorized_keys2 is used for backward compat.
(just append authorized_keys2 to authorized_keys).
2001-06-25 04:17:12 +00:00
9d0c06667e
- markus@cvs.openbsd.org 2001/06/07 19:57:53
...
[auth2.c]
style is used for bsdauth.
disconnect on user/service change (ietf-drafts)
2001-06-09 01:40:00 +00:00
c763767f18
[NOTE: Next patch will sync nchan.c, channels.c and channels.h and all this
...
pain will be over.]
- markus@cvs.openbsd.org 2001/05/31 10:30:17
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c]
undo the .c file split, just merge the header and keep the cvs
history
2001-06-09 00:36:26 +00:00
cd4349f969
- markus@cvs.openbsd.org 2001/05/30 23:31:14
...
[auth2.c]
merge
2001-06-09 00:23:17 +00:00
e6455aee8f
[NOTE: File split is was not done in Portabl Tree]
...
- markus@cvs.openbsd.org 2001/05/30 12:55:13
[auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
packet.c serverloop.c session.c ssh.c ssh1.h]
channel layer cleanup: merge header files and split .c files
2001-06-09 00:17:10 +00:00
bfb3a0e973
- markus@cvs.openbsd.org 2001/05/20 17:20:36
...
[auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
sshd_config]
configurable authorized_keys{,2} location; originally from peter@;
ok djm@
2001-06-05 20:25:05 +00:00
551ea37576
- markus@cvs.openbsd.org 2001/05/18 14:13:29
...
[auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c
readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c]
improved kbd-interactive support. work by per@appgate.com and me
2001-06-05 18:56:16 +00:00
f815442116
- (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
...
(default: off), implies KbdInteractiveAuthentication. Suggestion from
markus@
2001-04-25 22:44:14 +10:00
3f36496e33
- markus@cvs.openbsd.org 2001/04/19 00:05:11
...
[auth2.c]
use local variable, no function call needed.
(btw, hostbased works now with ssh.com >= 2.0.13)
2001-04-19 20:50:07 +00:00
671388f233
- markus@cvs.openbsd.org 2001/04/18 23:43:26
...
[auth2.c compat.c sshconnect2.c]
more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now
(however the 2.1.0 server seems to work only if debug is enabled...)
2001-04-19 20:40:45 +00:00
4aa603c150
- markus@cvs.openbsd.org 2001/04/18 22:48:26
...
[auth2.c]
no longer const
2001-04-19 20:38:06 +00:00
2bffd6fd1b
- markus@cvs.openbsd.org 2001/04/18 22:03:45
...
[auth2.c sshconnect2.c]
use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
2001-04-19 20:35:40 +00:00
5eabda303a
- markus@cvs.openbsd.org 2001/04/12 19:15:26
...
[auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
sshconnect2.c sshd_config]
implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
similar to RhostRSAAuthentication unless you enable (the experimental)
HostbasedUsesNameFromPacketOnly option. please test. :)
2001-04-12 23:34:34 +00:00
3fcf1a22b5
- markus@cvs.openbsd.org 2001/04/06 21:00:17
...
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
2001-04-08 18:26:59 +00:00
0cae04005e
- markus@cvs.openbsd.org 2001/04/04 20:32:56
...
[auth2.c]
we don't care about missing bannerfiles; from tsoome@ut.ee , ok deraadt@
2001-04-04 23:47:52 +00:00
5d57e50730
- OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2001/03/28 22:43:31
[auth.h auth2.c auth2-chall.c]
check auth_root_allowed for kbd-int auth, too.
2001-03-30 10:48:31 +10:00
b31783d547
- markus@cvs.openbsd.org 2001/03/21 11:43:45
...
[auth1.c auth2.c session.c session.h]
merge common ssh v1/2 code
2001-03-22 02:02:12 +00:00
eebc4a2ed3
- (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
...
resync
2001-03-22 01:22:03 +00:00
b54873ad24
- markus@cvs.openbsd.org 2001/03/11 13:25:36
...
[auth2.c key.c]
debug
2001-03-11 20:01:55 +00:00
9c5324422e
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
2001-03-05 07:33:14 +00:00
204e48851a
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10
...
[auth-rsa.c auth2.c deattack.c packet.c]
KNF
2001-03-05 06:47:00 +00:00
086cf214cf
- markus@cvs.openbsd.org 2001/02/22 21:59:44
...
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
2001-03-05 05:56:40 +00:00
d95c09cc83
- (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
...
pty.[ch] -> sshpty.[ch]
2001-02-18 19:13:33 +00:00
60396b060b
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
...
enable with --with-bsd-auth.
2001-02-18 17:01:00 +11:00
c83de6db41
KNF
2001-02-16 14:17:59 +11:00
c1ba31fadc
- markus@cvs.openssh.org 2001/02/13 22:49:40
...
[auth1.c auth2.c]
setproctitle(user) only if getpwnam succeeds
2001-02-15 03:14:11 +00:00
d8a9021f36
- markus@cvs.openbsd.org 2001/02/12 16:16:23
...
[auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
ssh-keygen.c sshd.8]
PermitRootLogin={yes,without-password,forced-commands-only,no}
(before this change, root could login even if PermitRootLogin==no)
2001-02-15 03:08:27 +00:00
92ddb7d6f0
- (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
...
<cmadams@hiwaay.net> with a little modification and KNF.
2001-02-14 01:25:23 +11:00
d1f20ec368
- markus@cvs.openbsd.org 2001/02/10 12:52:02
...
[auth2.c]
offer passwd before s/key
2001-02-10 21:31:53 +00:00
f79aeffe3b
- markus@cvs.openbsd.org 2001/02/07 22:35:46
...
[auth1.c auth2.c sshd.c]
move k_setpag() to a central place; ok dugsong@
2001-02-10 21:27:11 +00:00
4abe4def70
- (stevesk) OpenBSD sync:
...
- markus@cvs.openbsd.org 2001/02/08 11:20:01
[auth2.c]
strict checking
- markus@cvs.openbsd.org 2001/02/08 11:15:22
[version.h]
update to 2.3.2
- markus@cvs.openbsd.org 2001/02/08 11:12:30
[auth2.c]
fix typo
2001-02-08 19:16:32 +00:00
0afcc9f942
- stevesk@cvs.openbsd.org 2001/02/04 06:30:12
...
[auth2.c authfd.c packet.c]
remove duplicate #include's; ok markus@
2001-02-05 13:57:36 +00:00
ef4eea9bad
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27
...
[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 12:42:17 +00:00
3380426358
NB: big update - may break stuff. Please test!
...
- (djm) OpenBSD CVS sync:
- markus@cvs.openbsd.org 2001/02/03 03:08:38
[auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
[canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
[sshd_config]
make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
- markus@cvs.openbsd.org 2001/02/03 03:19:51
[ssh.1 sshd.8 sshd_config]
Skey is now called ChallengeResponse
- markus@cvs.openbsd.org 2001/02/03 03:43:09
[sshd.8]
use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
channel. note from Erik.Anggard@cygate.se (pr/1659)
- stevesk@cvs.openbsd.org 2001/02/03 10:03:06
[ssh.1]
typos; ok markus@
- djm@cvs.openbsd.org 2001/02/04 04:11:56
[scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
[sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
Basic interactive sftp client; ok theo@
- (djm) Update RPM specs for new sftp binary
- (djm) Update several bits for new optional reverse lookup stuff. I
think I got them all.
2001-02-04 23:20:18 +11:00
6d40c0f806
- (bal) Minor auth2.c resync. Whitespace and moving of an #include.
2001-01-29 09:02:24 +00:00
95fb2dde77
- markus@cvs.openbsd.org 2001/01/22 23:06:39
...
[auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
sshconnect1.c sshconnect2.c sshd.c]
rename skey -> challenge response.
auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
2001-01-23 03:12:10 +00:00
b1985f7279
- (bal) OpenBSD Resync
...
- markus@cvs.openbsd.org 2001/01/22 8:15:00
[auth-krb4.c sshconnect1.c]
only AFS needs radix.[ch]
- markus@cvs.openbsd.org 2001/01/22 8:32:53
[auth2.c]
no need to include; from mouring@etoh.eviladmin.org
- stevesk@cvs.openbsd.org 2001/01/22 16:55:21
[key.c]
free() -> xfree(); ok markus@
- stevesk@cvs.openbsd.org 2001/01/22 17:22:28
[sshconnect2.c sshd.c]
fix memory leaks in SSH2 key exchange; ok markus@
2001-01-23 00:19:15 +00:00
226cfa0378
Hopefully things did not get mixed around too much. It compiles under
...
Linux and works. So that is at least a good sign. =)
20010122
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
[servconf.c ssh.h sshd.c]
only auth-chall.c needs #ifdef SKEY
- markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
[auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
ssh1.h sshconnect1.c sshd.c ttymodes.c]
move ssh1 definitions to ssh1.h, pathnames to pathnames.h
- markus@cvs.openbsd.org 2001/01/19 16:48:14
[sshd.8]
fix typo; from stevesk@
- markus@cvs.openbsd.org 2001/01/19 16:50:58
[ssh-dss.c]
clear and free digest, make consistent with other code (use dlen); from
stevesk@
- markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
[auth-options.c auth-options.h auth-rsa.c auth2.c]
pass the filename to auth_parse_options()
- markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
[readconf.c]
fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
- stevesk@cvs.openbsd.org 2001/01/20 18:20:29
[sshconnect2.c]
dh_new_group() does not return NULL. ok markus@
- markus@cvs.openbsd.org 2001/01/20 21:33:42
[ssh-add.c]
do not loop forever if askpass does not exist; from
andrew@pimlott.ne.mediaone.net
- djm@cvs.openbsd.org 2001/01/20 23:00:56
[servconf.c]
Check for NULL return from strdelim; ok markus
- djm@cvs.openbsd.org 2001/01/20 23:02:07
[readconf.c]
KNF; ok markus
- jakob@cvs.openbsd.org 2001/01/21 9:00:33
[ssh-keygen.1]
remove -R flag; ok markus@
- markus@cvs.openbsd.org 2001/01/21 19:05:40
[atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
key.c key.h log-client.c log-server.c log.c log.h login.c login.h
match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
ttysmodes.c uidswap.c xmalloc.c]
split ssh.h and try to cleanup the #include mess. remove unnecessary
#includes. rename util.[ch] -> misc.[ch]
- (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
- (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
conflict when compiling for non-kerb install
- (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
on 1/19.
2001-01-22 05:34:40 +00:00
22e22bf9ba
- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
...
to fix NULL pointer deref and fake authloop breakage in PAM code.
2001-01-19 15:46:38 +11:00
db65e8fded
Please grep through the source and look for 'ISSUE' comments and verify
...
that I was able to get all the portable bits in the right location. As for
the SKEY comment there is an email out to Markus as to how it should be
resolved. Until then I just #ifdef SKEY/#endif out the whole block.
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/18 16:20:21
[log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
sshd.8 sshd.c]
log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
systems
- markus@cvs.openbsd.org 2001/01/18 16:59:59
[auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
session.h sshconnect1.c]
1) removes fake skey from sshd, since this will be much
harder with /usr/libexec/auth/login_XXX
2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
3) make addition of BSD_AUTH and other challenge reponse methods
easier.
- markus@cvs.openbsd.org 2001/01/18 17:12:43
[auth-chall.c auth2-chall.c]
rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 04:26:52 +00:00
Damien Miller
Ben Lindstrom
Kevin Steves